Wednesday, November 11, 2009

Why Hasn't More Been Done About Card Not Present (CNP) Fraud?

There's an interesting article on Compare & Save by Emma Skinner. 



She asks a simple, yet pertinent question: 



Why hasn't more been done about CNP fraud? 



Well, Emma, you'll be happy to know that because our point of sale terminal, designed specifically for web-based financial transactions, has been PCI 2.x certified by Visa, MasterCard, AMEX, Discover and JCB, they have effectively certified our device as one which can conduct "card present" transactions in what was previously a Card Not Present environment.



This is fantastic news for financial institutions, merchants and consumers because, although CNP transactions make up about 10% of all transactions, they are responsible for 54% of total fraud losses. CNP fraud occurs because the customer cannot physically swipe their card when purchasing online. Now, with PCI certification, they can.



I was ordering a takeaway the other night and needed to pay by card over the phone because I almost never have any cash on me for fear of losing it.



After placing my order I started to give my card details to authorize the payment when I suddenly remembered statistics which showed how much Card Not Present (CNP) fraud has increased over the past 10 years.



My takeaway was tasty but it was tainted by this slight hint of concern because I have personal experience of taking card details for CNP transactions and I really know how much trust is placed in the hands of the cashier.



While I was studying for my degree I had a part-time job in a local off licence which offered home deliveries. If customers wanted some alcohol delivered to their door, all they had to do was ring the shop, tell us what they wanted and where it was going to, and then pay for it using their card over the phone by giving us their card details.



To authorize the transaction we needed:

  • The long card number (PAN, Primary Account Number)


  • The start date

  • The end date

  • The issue number

  • The last 3 digits of the security code on the signature strip

  • The house number and the numbers from the postcode of the card’s billing address

The next step would be to enter the information into the point of sale machine and the card would be processed thus completing the sale. 



(Editor's Note: That would be the first and only step if the consumer were equipped with our PCI 2.x certified personal point of sale terminal/PIN Pad.)



"I was then left with a precious piece of paper in front of me containing all of the customer’s card details. Luckily, I am a very honest person and handled the data with the sensitivity and respect it deserved by immediately handing it to my superior to be destroyed.  If I wasn’t so honest, it would have been very easy for me to take down the details and use that card to purchase items online."

You can now understand why I didn’t fully enjoy my takeaway that night – I feared that I had placed maybe a little too much trust in the stranger on the other end of the phone and decided to keep an extra vigilant eye on my card statement for the next month.

"It prompted me to think about why CNP transactions were still deemed a viable payment method and to look into why more hasn’t been put in place to protect everyone in the sales process from what I deemed to be a seemingly huge oversight."

The result was the news article ‘How to protect yourself from Card Not Present (CNP) fraud’ which you can read by clicking the link.



Editor's Note:  Actually, the result of those exact same questions is HomeATM's PCI 2.x Certified PIN Entry Device.  What you have (CARD PRESENT) and what you know (PIN) = the Elimination of the CNP environment. 



Thus...HomeATM eliminates the CNP environment by morphing that same environment into a "Card Present" one. 



Swipe card, enter PIN. We instantaneously encrypt the data end-to-end inside our device using 3DES DUKPT, meaning the data never enters the browser. Browser Not Present (BNP)!







